Less could mean more for a campus network

By dumping its multi-appliance network approach in favor of an all-in-one solution, a Kentucky school beefed up security, improved the user experience—and saved money.

In deciding how to protect a university network and optimize their performance, IT departments often face a choice: Go with best-of-breed applications for each service, even if integration sometimes poses a headache, or opt for an all-in-one solution that wraps multiple services into a neat bundle. When the headaches start to outweigh the performance benefits of standalone solutions, the all-in-one approach can look mighty attractive.

Asbury University, a small faith-based school in Kentucky, reached that tipping point two years ago when it decided to trade in its multi-appliance network arrangement for an all-in-one solution—in this case, Dell’s SonicWALL E6500 series firewall. “We were dealing with separate appliances for network access control [NAC], user authentication, our VPN, and our web-content-filtering system, plus we had our firewall for network security and intrusion detection,” said Paul Dupree, CIO and assistant vice president of IT Services at Asbury University. “The devices didn’t always work seamlessly together and they weren’t communicating as efficiently as possible.”

Dupree was particularly concerned that exploitable flaws existed in the interfaces between these different devices and applications. “I think there was some vulnerability inherent in our model of four separate appliances that relied on protocols between the network appliances,” said Dupree. “There were no heavily documented vulnerabilities, but we would hear rumors of students finding ways around our web-content filtering, for example. As a faith-based institution, we have a specific mission to block certain types of websites from on-campus users.”

The user experience was also less than ideal. The old web-filtering software, for example, relied on proxy settings, so all students and employees who brought their personal devices to campus had to input the proxy settings before they could access the Internet. “It was a huge process and a pain for the end user,” said Dupree. “It also resulted in a lot of technical and support calls to our help desk. My overarching goal was to simplify the user experience.”

Although Dupree had originally employed the Dell SonicWALL solely as the firewall within the networking system, he started using its other features as problems mounted with the multi-appliance approach. “It now provides us with far more than you would expect from a firewall,” he said. “There is the web-content filtering that we manage per our acceptable-use politics, and our NAC has also been collapsed into the Dell SonicWALL. That’s been a huge bonus for us.”